Posts by Oren Teich

Running Rails on Heroku Update

On February 16th, we published a blog post outlining five specific and immediate actions we would take to improve our Rails customers' experience with Heroku. We want to provide you with an update on where these things stand. As a reminder, here’s what we committed to do:

  1. Improve our documentation so that it accurately reflects how our service works across both Bamboo and Cedar stacks
  2. Remove incorrect and confusing metrics reported by Heroku or partner services like New Relic
  3. Add metrics that let customers determine queuing impact on application response times
  4. Provide additional tools that developers can use to augment our latency and queuing metrics
  5. Work to better support...

Continue reading »

Bamboo Routing Performance

Yesterday, one of our customers let us know about significant performance issues they have experienced on Heroku. They raised an important issue and I want to let our community know about it. In short, Ruby on Rails apps running on Bamboo have experienced a degradation in performance over the past 3 years as we have scaled.

We failed to explain how our product works. We failed to help our customers scale. We failed our community at large. I want to personally apologize, and commit to resolving this issue.

Our goal is to make Heroku the best platform for all developers. In this case, we did not succeed. But we will make it right. Here’s what we are working on now:

  • Posting an in-depth...

Continue reading »

Cross-Site Request Forgery Vulnerability Resolution

On Friday January 18, security researcher Benjamin Manns notified Heroku of a security vulnerability related to our add-ons program. At a high level, the vulnerability could have resulted in disclosing our Cross-Site Request Forgery tokens (these tokens are used to prevent browser hijacking) to third parties.

We quickly addressed the vulnerability and on Sunday, we deployed a patch to remediate the issue. We also reviewed our code for related vulnerabilities and conducted a review of our audit logs to determine the impact of the vulnerability. We found no instances of this issue being exploited.

We wish to thank Mr. Manns for his work and commitment to responsible disclosure. You can...

Continue reading »

Password Hijacking Security Vulnerability and Response

Heroku recently learned of and resolved a security vulnerability. We want to report this to you, describe how we responded to the incident, and reiterate our commitment to constantly improving the security and integrity of your data and source code.

On December 19, 2012, security researcher Stephen Sclafani notified us of an issue in our account creation system. Using a maliciously-crafted HTTP request, an attacker could change the password of a pre-existing Heroku user account, and thus gain control of it. This attack would not disclose the pre-existing password to the attacker (those are stored internally as non-recoverable bcrypt hashes).

Upon receiving notification, our engineering...

Continue reading »

Hosting San Francisco Rails 3.1 Hackfest

The rails community is making the final push to get 3.1 out and is looking for your help! As part of a worldwide effort over the weekend, Heroku is hosting a local hackfest to help finalize Rails 3.1.

On Saturday, July 23rd from 12pm to 5pm, Heroku will be hosting a gathering for the Rails 3.1 Hackfest. We're looking for people that want to improve things at all levels of the Rails stack - from debugging to documentation. Come with apps to upgrade to Rails 3.1. We'll also be working on getting Rails 3.1 apps running on Heroku's Celadon Cedar stack. If you haven't done this yet, don't miss the opportunity!

The Rails 3.1 Hackfest will be at our San Francisco office:


Continue reading »

An update on Heroku Node.js support

UPDATE: Node.JS is now officially available on Heroku.

In April we released experimental support for Node.js. Response was instant and overwhelming. Now, nearly 1,000 people are using Node.js on Heroku.

The goal of the experiment was to understand what it would take to run Node.js in the most Heroku way possible. The experiment was extremely successful. People have built great apps, provided feedback, and engaged in ways beyond our expectations. Three of the key requests we’ve heard are:

  • Support for long connections, beyond a 30 second timeout
  • HTTP 1.1 and websockets
  • Scaling Node.js as easily as Ruby

While we work on the next version incorporating these features and more, we are...

Continue reading »

Enterprise Social Apps

With over 80,000 applications on Heroku, we are frequently asked what type of apps people are building. While there’s a wide range, one of the areas I’ve been most excited about is social apps. We have thousands of social applications around Twitter, Facebook, and other platforms. The Social App Workshop last month was proof of the interest with a sold out crowd of over 150 people filling a basement on a great summer Saturday.

Social platforms are sweeping enterprises as well. From internal communities for collaboration to external communities with millions of users, enterprises are finding social software essential to how they work. Today we’re announcing a partnership...

Continue reading »

Social App Workshop Videos

Last month’s Social App Workshop was a huge success. With a sold out crowd of over 150 people filling the basement of our new office, a great lineup of presenters and some fun coding in the afternoon it surpassed our expectations. Social App Workshop is a hacker event for new and experienced developers working on Twitter & Facebook apps. With a combination of presentations and coding the workshop brings developers together to work on social apps.

The morning was spent with a combination of 10 min talks and 30 min talks from Facebook, Twitter, Heroku, Apigee, Twilio, and Abraham Williams. After getting everyone amped up in the morning, we broke into groups in the afternoon to...

Continue reading »

Bundler Status Update

Bundler is quickly shaping up to meet all it’s promise as THE best way to manage your application dependencies. This afternoon we updated Heroku to the latest version – 1.0.0RC5. RC5 addresses all known outstanding issues including the git sourced gems. You can see a full changelog on github.

One key problem Bundler was designed to address was the shifting sands of various gems updating and changing dependencies. As many of you have probably found in the past before Bundler, deploying could unexpectedly install new versions of gems on you, breaking your application. Bundler has added a new flag: “—deployment” for this very issue.

When you run “bundle...

Continue reading »

Blasting through Brazil

Our own Brazilian Pedro Belo will be making two stops in Brazil the first half of August. August 6th and 7th he’ll be speaking at the Oxente Rails 2010 conference. On August 8th he’ll be joining a local meetup in Sao Paulo to talk Ruby, Heroku and Beer.

If you’d like to join the meetup in São Paulo, drop Pedro a note for the location details. Ansioso para vê-lo!

Continue reading »

Teambox on Heroku

More and more developers are using Heroku as a SaaS deployment platform. By creating their applications on top of Heroku, they can leverage our architecture and security model to provide SaaS to their customers easily. Today we want to highlight a new favorite, Teambox.

Teambox is an opensource twitter-like collaboration tool for companies organization and teams. Teams around the world use it to collaborate and keep in touch, track tasks and much more.

The teambox team has made it easy to install on Heroku as well. This screencast walks you through the instructions from start to finish in just 5 minutes. Give it a try yourself, and try out their collaboration tool.

Continue reading »

Default to Bamboo

Deployment stacks have been a huge success. For many developers, heroku create —stack bamboo has become the default whenever creating new apps. With the latest version of Rails 2 and Rails 3 both requiring the Bamboo stack, we’re excited to make Bamboo the new default.

Effective immediately, all newly created apps will default to the bamboo stack with REE 1.8.7. You can still use the old aspen stack if you’d like by simply specifying `heroku create —stack aspen`. Existing apps stay on the stack they are on unless you explicitly migrate them.

A key feature of bamboo is to eliminate pre-installed gems. This provides app developers with considerably more flexibility...

Continue reading »

Rails 3 Beta 4 on Heroku

Heroku now supports Rails 3 beta 4 with Ruby 1.8.7. Make sure to push up to bamboo, and you should be all set!

As Rails 3 matures and gets closer to production a number of pieces continue to change. The beta 4 update introduced two significant changes to be aware of:

  • Require Ruby 1.8.7 > p249 or Ruby 1.9.2.
  • Require Bundler 0.9.26.

Heroku has updated to Ruby REE 1.8.7-2010.02 which incorporates the necessary patches for Rails 3. We will add support for 1.9.2 when the community releases the official release. In the meantime, developers interested in using Rails 3 on Heroku must use Ruby 1.8.7.

We have also updated to the latest stable release of Bundler: 0.9.26. We will continue to...

Continue reading »

MongoHQ Add-on Public Beta

Let’s cut straight to the chase: MongoHQ is launching their add-on to all Heroku users as a public beta.

The details

Over the last six months we have seen persistent demand for MongoDB support on Heroku, so we are incredibly excited that MongoHQ is releasing their highly anticipated add-on into public beta today. The add-on interfaces seamlessly with their successful hosted service, and allows developers to use MongoDB as a first-class-citizen data store in any of their Heroku apps. Using it is just as easy as you’ve come to expect from Heroku: simply add the add-on, and you’re good to go!

The first available plan is free and includes one database up to 16MB. Soon, you...

Continue reading »

Supporting Large Data: Part 1

As apps have matured on Heroku, data sets have gotten much larger. Taps is designed to help development by providing a fast and easy way to transfer databases between local environments and Heroku. Today we launched taps 0.3 with a reworked architecture and a new set of features focused on large data sets:

  1. Push/Pull Specific Tables
    You can now choose which tables to push and pull. Specify a regex and taps will only push or pull the tables that match. To only pull specific tables, specify a comma delimited list. For example, to pull the logs and tags tables, run this command:
    heroku db:pull --tables logs,tags
  2. Resume Transfers
    Interruptions can happen when moving large datasets....

Continue reading »

Memcached Public Beta

The top open request from our recent survey has been for memcached. Memcached is a simple, fast and scalable in-memory object caching system. Dynamic web applications use memcached to store frequently used data, reducing database load. The Heroku memcached add-on is built on the NorthScale distribution of memcached (NorthScale Memcached Server) which includes an advanced, per-user security model. The service is fully managed by NorthScale – a company formed and run by leaders of the memcached open source project.

All Heroku users can use the add-on today. Read the docs for full details on getting started and add away. We’ll be using this beta period to analyze usage, determine...

Continue reading »

Heroku Casts: Queue Depth & New Relic

New Relic RPM is an on-demand performance management solution for web applications developed in Ruby. New Relic recently introduced an updated agent. Some of the highlights include support for Sinatra and rack apps, as well as background workers.

They also added a great Heroku feature; you can now view your backlog depth history. When a request comes in to Heroku it’s passed to your dynos to process the request. If more requests are coming in than your dynos can handle, the requests queue up. Our docs provide a more detailed overview of performance. The queue is often a sign that you need to increase your dynos or speed up your app. New Relic can now show you the peak and average...

Continue reading »

Public Beta: Deployment Stacks

Heroku Apps run on a fully curated stack with everything from the front end caching to the base libraries selected and managed. Today, we’re making available an additional curated stack, with updated libraries and Ruby VMs. You now have the choice of running on the original “Aspen” stack, or using the new “Bamboo” stack. Both are first class citizens and the choice on which to use is yours to make.

With a single simple command, you can migrate existing apps back and forth between stacks, or deploy new apps to this updated stack. Best of all, as part of the new stack, you also have a choice of Ruby VM between Ruby REE 1.8.7 and Ruby MRI 1.9.1. And yes, you...

Continue reading »

Winter 2009 Survey Results

In December we asked our users to take a survey on how they are using Heroku. After collecting the responses, we wanted to share some of the results with the rest of our user community.

Who’s using Heroku?
No surprise, but the majority identify themselves as in the “Software Technology” industry, at 65% of the respondents. The rest of the user base is divided between many groups, from Consultancies with 9%%, to the Arts & Entertainment industry with 6%% and Healthcare at 2.5%%. Respondents reported annual web application budgets as high as $10M/year, with over 13% spending >$100K/annually.

How are they using Heroku?
These users are building a huge range of...

Continue reading »

Gem Bundler on Heroku

Gem Bundler is rapidly on its way to becoming the new community standard for managing gem dependencies in Ruby apps. Bundler is the default gem manager for Rails 3, but it will also work seamlessly with any other web framework (or no framework) since it has no dependencies itself.

Using it is as simple as creating a Gemfile in the root of your app:

 source :gemcutter gem 'sinatra', '0.9.4' gem 'haml', '2.2.17' 

…and running “bundle install” at the command line, which sets up all of your gems.

Yehuda Katz has a writeup on using bundler that outlines various scenarios for using bundler.

Heroku now has native support for gem bundler. If you push up a repo that has a Gemfile...

Continue reading »

Manage Heroku with your iPhone

You get a call from your partner that your app just hit
the front page of Digg. You’re away from your computer, and need to scale your app up now! Fire up Nezumi and dial your dynos to 12 to handle the load no problem.

Nezumi is a 3rd party iPhone app that allows you to perform almost any of the functions that the CLI supports, from restarting your app, changing your dynos and workers, viewing logs, adding collaborators, and much more. It’s available now from the iTunes store.

Marshall, the developer of Nezumi, was kind enough to provide us 5 copies of Nezumi to give away. Leave a comment below, and on Friday we’ll select 5 people from random and email you a promo code...

Continue reading »

Success Story: FlightCaster

Last month’s featured app was FlightCaster. FlightCaster provides flight delay prediction, letting you know 6 hours in advance if your flight is delayed. Today we’ve posted their success story, along with a great video with their CEO, Jason Freedman.

Jason goes into some great details on how they use Heroku to handle their complex application, including using a Hadoop cluster to process millions of updates. In his words, “Heroku has enabled us to deliver a world class service without having the huge management and operational overhead we would have otherwise needed.”

Watch the video below, or click on through to the whole success story. For more technical details,...

Continue reading »

Success Story: Best Buy IdeaX

This month’s featured app is Best Buy IdeaX, developed by Bust Out Solutions. Best Buy IdeaX is a forum for Best Buy customers to share, rate, and discuss ideas to help make Best Buy better.

“We were very interested in running IdeaX on a cloud computing infrastructure such as Amazon EC2, but the cost of maintaining our own EC2 instances was just too high, not to mention frustrating. Heroku solves those problems for us with their solid platform infrastructure and nice user interface. We’re saving time and money, and enjoying development much more.” said Jeff Linn, Founder/CEO of Bust Out Solutions

Check out the Success Story and the live Best Buy IdeaX site.

Continue reading »

DJ has evolved into Workers

Modern web apps are increasingly making use of asynchronous, background workers for task processing needs. For many apps, workers are just as, if not even more important than the front end http stack. Ever since we launched DJ, we’ve been overwhelmed with requests from customers wanting access to several DJ workers per app. Based on the feedback, we have been coding away, making this happen, and today we’re proud to announce the release of Heroku Workers.

Workers as first-class citizens

The new Workers feature is based on Delayed Job, and will replace the current DJ add-on, which is retired. The major change here is that Workers are a first-class citizen on the Heroku platform...

Continue reading »

New Relic RPM Silver & Gold Add-on

A couple of weeks ago we announced that New Relic RPM Bronze is available free of charge for all Heroku customers through the our add-on catalog New Relic RPM is a application performance management tool that allows you to monitor, troubleshoot, and tune the performance of your Heroku app. One-click integration with the Heroku platform means that you can activate an RPM account and start monitoring your application in just minutes.

Here’s more great news: now you can upgrade to RPM Silver or RPM Gold, through the same add-on catalog. RPM Silver and Gold are charged per dyno-hour, so it’s only based on your actual usage of Heroku.

RPM Silver enables error tracking and...

Continue reading »

Tech: Sending email with Gmail

These days, it seems like almost all apps need to send email. And everyone has a gmail account. So why not have your app send email through Gmail? It’s fairly easy with just a few steps.

Heroku currently runs Ruby 1.8.6. This means you need to provide your own SMTP TLS library. Luckily, Adam has made that super easy with a quick little Rails plugin. Simply install the library, set a few config variables, and you’re good to go. Best of all, this simple plugin will work on any provider. Use it even if you’re not on Heroku. It’s just a fast way to make sure your SMTP connection to Gmail is setup correctly.

1. Install the plugin

 $ script/plugin install...

Continue reading »

Add-ons Launch

Heroku has focused since day one on making the end-to-end application experience as easy as possible. From our git focused workflow to the automated management of deployed applications, we’ve worked hard to give developers the flexibility to build amazing apps. Today we’re excited to announce a major extension of this flexibility with Add-ons.

For those who just want to see it in action, here’s a 3 minute overview:


Add-ons are a way to extend your application. They can provide core functionality (like full-text search or cron), add features to the platform (like deploy hooks or backup bundles), and integrate with amazing third party services (like Zerigo, ...

Continue reading »

Heroku Casts: Maintenance Mode

Today we’re launching an exciting new feature – maintenance mode.

We strive to make your deployment and management experience as seamless as possible, for both the developers and the end users. Part of any management task is performing routine maintenance tasks, from database migrations to more complex site upgrades. When you’re in the midst of doing these maintenance tasks, wouldn’t it be great to show your users a nice maintenance page, instead of a broken site? With the Heroku maintenance mode, now you can.

This quick 3:30 video shows you how to use maintenance mode, and even how to customize it for your own look and feel:

Continue reading »

Heroku Casts: Setting Up Custom Domains

NOTE: This documentation is out-of-date and no longer supported. It will not work with the current version of the Heroku platform. For the latest information about setting up custom domains on Heroku please use this article from the Heroku Dev Center.

Today is a twofer on the screencast front.

Setting up custom domains & DNS is one of those necessary evils that no one likes, and is way more confusing than it should be. Adding insult to injury, there’s not one solution for all cases. At a high level, the process is fairly easy. First, you need to point your domain to Heroku with your DNS provider (such as GoDaddy). Once your domain is pointed to Heroku, you then need to tell...

Continue reading »

The best camera is...

We periodically like to highlight some of the great applications people are building on Heroku. This week, a new web site and iPhone app for shutterbugs launched, and it’s getting great press and feedback around the web.

Chase Jarvis, a professional photographer, has been singing the praises of the iPhone camera as creative outlet. As he points out, the best camera is the one you have with you. To back that claim up, he’s launched a new project combining an iPhone application and community website.

When I saw that this was running on Heroku, I knew I had to find out more. I reached out to the developers behind this project: Übermind. I dropped the mad geniuses over there a...

Continue reading »

Our travels continue

In our ongoing efforts to spread the Heroku word worldwide, our North American tour continues with a bunch of new venues coming up.

Each time we meet with people, we’re blown away with the new applications people are creating on Heroku. For example, last month FlightCaster launched an amazing app for predicting flight delays using Heroku, Clojure, S3, Hadoop and some general amazing tech. We’d love to hear from you on what you’re creating, and find out how to make some awesome stuff.

Blake Mizerany continues his travel schedule talking about Heroku, Sinatra, Ruby development and scaling. If you’re in the area, make sure to stop by!

Continue reading »

BizConf Bound

Heroku has a special place in our heart for consultants and web development firms. They’re some of our best supporters and users. That’s why were excited to be heading out to BizConf this Thursday and Friday.

From the BizConf website:

It’s simple: energetic, enthused folks who want to learn more about how to actually do business today. This conference won’t consist of get-rich-quick talks or motivational speeches, but rather in-depth presentations, discussions and workshops on how to communicate, manage and network more dynamically and effectively.

If you’re going to be at BizConf, find me or drop me an email to arrange something. I’ll have some...

Continue reading »

Heroku Sass

No, we’re not talking back. Instead, we’re excited to announce that you can now use Sass on Heroku.

We’re big believers in elegance here, and Sass is a way to bring elegance to your CSS and page layout. Due to our read-only filesystem Sass hasn’t worked well on Heroku. Thanks to the efforts of one of our awesome engineers, there’s now a beta plugin available that enables you to use Sass & Heroku frictionlessly.

To use the plugin, install Sass as you normally would – include the HAML gem in your gem manifest. Then, script/plugin install the sass_on_heroku plugin:

$ script/plugin install git://

The plugin compiles...

Continue reading »

Bringing Heroku to the East Coast

With Morten out on the European tour, we didn’t want those here in the US to feel left out. Last week we attended a great BBQ and roundtable with Seattle.rb. Starting next week, we’ll be heading out to the east coast, and want to meet more of you.

Blake Mizerany will be talking with local meetup groups all along the east coast about Heroku, Sinatra, and Ruby development. We’re excited to hear how you’re using Heroku today, and what you’d like to see from us in the future.

We’re currently bookending the trip with two bigger groups: kicking it off with NYC.rb on August 11th, and ending the tour at Boston.rb on September 8th.

Have a meetup group, on the...

Continue reading »

Browse the blog archives, subscribe to the full-text feed, or visit the engineering blog.